Conference Description
Key Takeaways
- Regional cybersecurity summit for financial services professionals across Asia-Pacific
- Focus on threat intelligence sharing, incident response coordination, and collective defence strategies
- Designed for CISOs, security executives, IT risk managers, and threat intelligence analysts
- Addresses third-party risk management, insider threats, and board-level security reporting
- Two-day programme combining strategic presentations with technical workshops and peer discussions
Introduction
The FS-ISAC 2026 APAC Summit convenes cybersecurity leaders from across the financial services sector for two days of focused discussion on protecting critical financial infrastructure. Held in Singapore, the event serves as a regional gathering point for FS-ISAC members working in banks, insurance companies, payment providers, and other financial organisations throughout Asia-Pacific. The summit addresses the increasingly sophisticated threat landscape facing financial institutions, where coordinated attacks, supply chain vulnerabilities, and regulatory pressures demand collaborative responses that extend beyond individual organisations.
Financial services remains one of the most targeted sectors globally, with threat actors continuously refining their tactics to exploit interconnected systems and third-party relationships. The 2026 summit theme, “Fortifying Our Trusted Ecosystem,” reflects the growing recognition that effective cybersecurity in financial services requires coordinated action among institutions, technology partners, service providers, and regulatory bodies.
About the FS-ISAC APAC Summit
FS-ISAC, the Financial Services Information Sharing and Analysis Center, operates as a member-driven organisation dedicated to advancing cybersecurity and resilience across the global financial system. The APAC Summit represents the organisation’s flagship regional event, bringing together security professionals who share threat intelligence, operational insights, and defensive strategies within a trusted community framework.
The programme structure combines multiple formats to address both strategic and technical dimensions of financial services cybersecurity. Presentations deliver insights on emerging threats and defensive innovations, while workshops provide hands-on engagement with specific security challenges. Roundtable discussions and panel sessions create opportunities for peer exchange, allowing attendees to explore how different organisations approach common problems.
This blend of content types reflects the diverse responsibilities held by summit attendees, who range from executives focused on governance and risk oversight to technical practitioners managing day-to-day security operations.
Threat Intelligence and Incident Response Coordination
Central to the summit programme is the examination of cyber threat intelligence practices and methodologies that enable financial institutions to anticipate and respond to attacks more effectively. Sessions explore how organisations can operationalise threat intelligence, moving beyond passive consumption of indicators to active integration with defensive systems and decision-making processes.
The analysis of threat actor tactics, techniques, and procedures receives particular attention. Understanding how adversaries operate—from initial reconnaissance through lateral movement to data exfiltration or system disruption—enables security teams to design more effective detection and response capabilities. Financial institutions face threat actors ranging from financially motivated criminal groups to state-sponsored operations targeting economic intelligence, each requiring different defensive considerations.
Incident response coordination extends beyond individual organisations to encompass sector-wide collaboration. When a significant attack affects one institution, rapid intelligence sharing can help others identify similar activity in their environments before damage occurs. The summit examines frameworks and practices that facilitate this kind of coordinated response while respecting the operational and legal constraints that financial institutions navigate.
Managing Risk Across the Financial Ecosystem
Modern financial services operate through complex webs of interconnected systems, third-party providers, and partner relationships. This interconnection creates efficiency and enables innovation, but it also introduces risk vectors that extend beyond any single organisation’s direct control. The summit addresses third-party risk management as a critical discipline, examining how institutions can assess, monitor, and mitigate risks introduced through vendors, cloud providers, and other external relationships.
Insider risk represents another dimension of the security challenge that receives attention at the event. Whether through malicious intent or inadvertent error, individuals with legitimate access to systems and data can cause significant harm. Effective insider risk programmes balance security controls with operational practicality and employee privacy considerations—a balance that requires ongoing refinement as work patterns and technologies evolve.
Board-level reporting emerges as a recurring theme, reflecting the elevation of cybersecurity from a technical concern to a strategic business issue. Security leaders increasingly must translate complex technical risks into business terms that inform governance decisions and resource allocation. The summit explores approaches to this communication challenge, helping security executives build productive relationships with boards and senior leadership.
Building Operational Resilience
Beyond preventing attacks, financial institutions must prepare to maintain critical operations when incidents occur. Business resilience encompasses the policies, procedures, and technical capabilities that enable organisations to continue serving customers and meeting obligations even under adverse conditions. This includes not only recovery from cyber incidents but also resilience against broader operational disruptions that may have cyber dimensions.
Regulatory frameworks across Asia-Pacific increasingly emphasise operational resilience as a supervisory priority. Financial institutions must demonstrate not only that they have security controls in place but that they can sustain critical functions through various disruption scenarios. The summit provides a forum for examining how organisations are meeting these expectations and learning from peers who have navigated similar regulatory environments.
Network defence and application security form the technical foundation of resilience efforts. As financial services adopt new technologies and delivery channels, the attack surface expands, requiring continuous adaptation of defensive architectures. Data security remains paramount given the sensitivity of financial information and the regulatory obligations surrounding its protection.
Who Should Attend
The summit serves cybersecurity professionals working within financial institutions at mid-to-senior levels. Chief Information Security Officers and security executives will find strategic content addressing governance, risk communication, and programme leadership. Threat intelligence analysts benefit from sessions examining intelligence methodologies and threat actor analysis. IT risk managers gain insights into frameworks for assessing and mitigating cyber risks across complex organisational environments.
The event is particularly valuable for professionals seeking to expand their networks within the financial services security community. The trusted environment created by FS-ISAC membership enables candid discussions that might not occur in more public settings, allowing attendees to learn from peers facing similar challenges at other institutions.
The Value of Sector-Specific Collaboration
Financial services cybersecurity benefits from sector-specific collaboration in ways that generic security events cannot replicate. Institutions within the sector face common threat actors, similar regulatory requirements, and comparable operational constraints. This shared context enables more relevant and actionable knowledge exchange than broader cybersecurity gatherings typically provide.
The FS-ISAC model of member-driven intelligence sharing has demonstrated its value through numerous incidents where early warning from one institution enabled others to strengthen defences before being targeted. The APAC Summit reinforces these ongoing relationships while creating opportunities to establish new connections that enhance the collective security posture of the regional financial services community.

